<?xml version="1.0" encoding="UTF-8" ?>

<!--
 Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END
-->


<!--Entity Definitions-->

<!-- Timestamp attribute sets: timeattr and iso8601

timeattr:
	Date and time to the second in the default strftime(3C) format,
	followed by a separate milliseconds offset.

	Example:	time="Mon May 06 12:10:18 2002" msec="750"

iso8601:
	ISO 8601 standard format date, time and timezone:
	YYYY-MM-DD HH:MM:SS.sss +/-HH:MM, i.e. year, month, day, 24 hour
	time with milliseconds, then the + or - offset from Universal
	Time (UTC, aka GMT).

	Example:	iso8601="2003-09-17 16:47:41.831 -07:00"

Every attribute here is CDATA #IMPLIED, so validation neither requires
a timestamp nor checks its format.  A consumer that orders or
correlates records by time has to parse and sanity-check the value
itself.  Among the declarations visible in this file only %iso8601; is
referenced (by file and record); %timeattr; is defined but not used.
-->
<!ENTITY % timeattr "time CDATA #IMPLIED
                     msec CDATA #IMPLIED">

<!ENTITY % iso8601 "iso8601 CDATA #IMPLIED">

<!-- xinfo: generic info for X related tokens.  Supplies the attributes
     xid and xcreator-uid; both are required, both are untyped CDATA. -->
<!ENTITY % xinfo "xid          CDATA #REQUIRED
                  xcreator-uid CDATA #REQUIRED">

<!-- reserved_toks

The set of "reserved" tokens, i.e. the tokens whose placement is fixed.

NOTE(review): no declaration visible in this file references
%reserved_toks;.  The record content model names sequence and host
directly, and file and record appear as the children of audit.
-->
<!ENTITY % reserved_toks "(
    file     |
    record   |
    host     |
    sequence
)">

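<!-- normaltoks

The set of all tokens other than the "reserved" tokens.  The record
content model accepts any number of these, in any order.

A token element is only allowed inside a record if it is listed here.
secflags is listed because this file declares a secflags token element;
without the entry, a record carrying that token could not validate and
a validating consumer would reject or drop the record.
-->
<!ENTITY % normaltoks "(
    acl                  |
    arbitrary            |
    argument             |
    attribute            |
    cmd                  |
    exit                 |
    exec_args            |
    exec_env             |
    fmri                 |
    group                |
    ip                   |
    ip_address           |
    IPC                  |
    IPC_perm             |
    ip_port              |
    liaison              |
    opaque               |
    path                 |
    path_attr            |
    privilege            |
    process              |
    return               |
    secflags             |
    sensitivity_label    |
    old_socket           |
    socket               |
    subject              |
    text                 |
    user                 |
    use_of_authorization |
    use_of_privilege     |
    X_atom               |
    X_client             |
    X_color_map          |
    X_cursor             |
    X_font               |
    X_graphic_context    |
    X_pixmap             |
    X_property           |
    X_selection          |
    X_window             |
    zone
)">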

<!--Element Definitions-->

<!--

The main element, "audit", is a sequence of file and record tokens, in
any order and any number.  An empty audit element is valid, so a
document that validates is not thereby shown to be a complete trail.

Consumers that validate against this DTD should resolve it from a
trusted local copy rather than from a location named by the document
being checked.

-->
<!ELEMENT audit (file | record)*>

<!-- file token: character data plus an optional iso8601 attribute -->
<!ELEMENT file (#PCDATA)>
<!ATTLIST file %iso8601;>


<!-- record token

General layout of the tokens that follow the first token (the record
token itself):
	(tokens),subject,group,(tokens),return,sequence,host

(all tokens after the record token are optional; the host token is unused.)

The content model enforces only the tail of that layout: any number of
normaltoks in any order, then an optional sequence, then an optional
host.  It neither requires a subject or return token nor fixes where
they appear, so a record that validates is not guaranteed to carry
either one.  Check for them explicitly before relying on them.

version and event are required; modifier, host and the iso8601
timestamp are optional.  All are untyped CDATA.
-->
<!ELEMENT record ((%normaltoks;)*, sequence?, host?)>
<!ATTLIST record
    version  CDATA #REQUIRED
    event    CDATA #REQUIRED
    modifier CDATA #IMPLIED
    host     CDATA #IMPLIED
    %iso8601;
>

<!-- text token: free-form character data -->
<!ELEMENT text (#PCDATA)>

<!-- user token: empty element; uid and username are both required -->
<!ELEMENT user EMPTY>
<!ATTLIST user
    uid      CDATA #REQUIRED
    username CDATA #REQUIRED
>

<!-- path token: character data.  The DTD puts no limit on its length
     or characters; presumably the value comes from the audited event,
     so treat it as untrusted when displaying or reusing it. -->
<!ELEMENT path (#PCDATA)>

<!-- path_attr token: zero or more xattr children, each character data -->
<!ELEMENT path_attr (xattr*)>
<!ELEMENT xattr (#PCDATA)>

<!-- host token: character data (the record comment marks it unused) -->
<!ELEMENT host (#PCDATA)>

<!-- subject token: empty element, eight required attributes.
     Every value is untyped CDATA, so the DTD does not check that an id
     is numeric.  tid is an attribute here, separate from the tid
     element declared elsewhere in this file. -->
<!ELEMENT subject EMPTY>
<!ATTLIST subject
    audit-uid CDATA #REQUIRED
    uid       CDATA #REQUIRED
    gid       CDATA #REQUIRED
    ruid      CDATA #REQUIRED
    rgid      CDATA #REQUIRED
    pid       CDATA #REQUIRED
    sid       CDATA #REQUIRED
    tid       CDATA #REQUIRED
>

<!-- process token: same attribute list as the subject token -->
<!ELEMENT process EMPTY>
<!ATTLIST process
    audit-uid CDATA #REQUIRED
    uid       CDATA #REQUIRED
    gid       CDATA #REQUIRED
    ruid      CDATA #REQUIRED
    rgid      CDATA #REQUIRED
    pid       CDATA #REQUIRED
    sid       CDATA #REQUIRED
    tid       CDATA #REQUIRED
>

<!-- return token: empty element; errval and retval are required.
     The record content model does not make this token mandatory. -->
<!ELEMENT return EMPTY>
<!ATTLIST return
    errval CDATA #REQUIRED
    retval CDATA #REQUIRED
>

<!-- exit token: same two required attributes as the return token -->
<!ELEMENT exit EMPTY>
<!ATTLIST exit
    errval CDATA #REQUIRED
    retval CDATA #REQUIRED
>

<!-- sequence token: empty element with a required seq-num.
     seq-num is untyped CDATA; the DTD cannot detect gaps, repeats or
     non-numeric values, so any continuity check belongs to the
     consumer. -->
<!ELEMENT sequence EMPTY>
<!ATTLIST sequence
    seq-num CDATA #REQUIRED
>

<!-- fmri token: character data -->
<!ELEMENT fmri (#PCDATA)>

<!-- group token: zero or more gid children, each character data.
     The gid element is distinct from the gid attributes that other
     tokens declare. -->
<!ELEMENT group (gid)*>
<!ELEMENT gid (#PCDATA)>

<!-- opaque token: character data -->
<!ELEMENT opaque (#PCDATA)>

<!-- liaison token -->
<!-- (NOTE: liaison is obsolete and is no longer generated) -->
<!ELEMENT liaison (#PCDATA)>

<!-- argument token: empty element; arg-num, value and desc are all
     required, all untyped CDATA -->
<!ELEMENT argument EMPTY>
<!ATTLIST argument
    arg-num CDATA #REQUIRED
    value   CDATA #REQUIRED
    desc    CDATA #REQUIRED
>

<!-- attribute token: empty element with six required attributes -->
<!ELEMENT attribute EMPTY>
<!ATTLIST attribute
    mode   CDATA #REQUIRED
    uid    CDATA #REQUIRED
    gid    CDATA #REQUIRED
    fsid   CDATA #REQUIRED
    nodeid CDATA #REQUIRED
    device CDATA #REQUIRED
>

<!-- cmd token: zero or more argv children followed by zero or more
     arge children; every argv must precede the first arge.

     NOTE(review): argv/arge, arg and env presumably hold command
     arguments and environment strings of the audited command.  If so
     they can contain credentials or other secrets, and stored XML
     output needs the same access control as the audit trail itself. -->
<!ELEMENT cmd (argv*, arge*)>
<!ELEMENT argv (#PCDATA)>
<!ELEMENT arge (#PCDATA)>

<!-- exec_args token: zero or more arg children, each character data -->
<!ELEMENT exec_args (arg*)>
<!ELEMENT arg (#PCDATA)>

<!-- exec_env token: zero or more env children, each character data -->
<!ELEMENT exec_env (env*)>
<!ELEMENT env (#PCDATA)>

<!-- arbitrary token: character data; print, type and count are
     required.  count is untyped CDATA, so the DTD does not tie it to
     the actual amount of content. -->
<!ELEMENT arbitrary (#PCDATA)>
<!ATTLIST arbitrary
    print CDATA #REQUIRED
    type  CDATA #REQUIRED
    count CDATA #REQUIRED
>

<!-- privilege token: character data with a required set-type -->
<!ELEMENT privilege (#PCDATA)>
<!ATTLIST privilege
    set-type CDATA #REQUIRED
>

<!-- secflags token: character data with a required set-type.
     Like every token element, it can appear in a record only if the
     normaltoks entity lists it. -->
<!ELEMENT secflags (#PCDATA)>
<!ATTLIST secflags
    set-type CDATA #REQUIRED
>


<!-- use_of_privilege token: character data with a required result.
     result is untyped CDATA; the DTD does not restrict it to a fixed
     set of outcome values. -->
<!ELEMENT use_of_privilege (#PCDATA)>
<!ATTLIST use_of_privilege
    result CDATA #REQUIRED
>

<!-- sensitivity_label token: character data -->
<!ELEMENT sensitivity_label (#PCDATA)>

<!-- use_of_authorization token: character data -->
<!ELEMENT use_of_authorization (#PCDATA)>

<!-- IPC token: empty element; ipc-type and ipc-id are required -->
<!ELEMENT IPC EMPTY>
<!ATTLIST IPC
    ipc-type CDATA #REQUIRED
    ipc-id   CDATA #REQUIRED
>

<!-- IPC_perm token: empty element with seven required attributes,
     all untyped CDATA -->
<!ELEMENT IPC_perm EMPTY>
<!ATTLIST IPC_perm
    uid         CDATA #REQUIRED
    gid         CDATA #REQUIRED
    creator-uid CDATA #REQUIRED
    creator-gid CDATA #REQUIRED
    mode        CDATA #REQUIRED
    seq         CDATA #REQUIRED
    key         CDATA #REQUIRED
>

<!-- ip_address token: character data.  The DTD does not check that
     the content is a well-formed address. -->
<!ELEMENT ip_address (#PCDATA)>

<!-- ip_port token -->
<!-- (NOTE: ip_port is obsolete and is no longer generated) -->
<!ELEMENT ip_port (#PCDATA)>

<!-- ip token -->
<!-- (NOTE: ip is obsolete and is no longer generated) -->
<!ELEMENT ip EMPTY>
<!ATTLIST ip
    version      CDATA #REQUIRED
    service_type CDATA #REQUIRED
    len          CDATA #REQUIRED
    id           CDATA #REQUIRED
    offset       CDATA #REQUIRED
    time_to_live CDATA #REQUIRED
    protocol     CDATA #REQUIRED
    cksum        CDATA #REQUIRED
    src_addr     CDATA #REQUIRED
    dest_addr    CDATA #REQUIRED
>

<!-- old_socket token: empty element; type, port and addr are required -->
<!ELEMENT old_socket EMPTY>
<!ATTLIST old_socket
    type CDATA #REQUIRED
    port CDATA #REQUIRED
    addr CDATA #REQUIRED
>

<!-- socket token: empty element with six required attributes.
     NOTE(review): lport/laddr and fport/faddr look like the local and
     foreign endpoint; confirm against the producer. -->
<!ELEMENT socket EMPTY>
<!ATTLIST socket
    sock_domain CDATA #REQUIRED
    sock_type   CDATA #REQUIRED
    lport       CDATA #REQUIRED
    laddr       CDATA #REQUIRED
    fport       CDATA #REQUIRED
    faddr       CDATA #REQUIRED
>

<!-- acl token: empty element.  Every attribute is #IMPLIED, so an acl
     element with no attributes at all still validates; a consumer has
     to check for the attributes it needs. -->
<!ELEMENT acl EMPTY>
<!ATTLIST acl
    type        CDATA #IMPLIED
    value       CDATA #IMPLIED
    mode        CDATA #IMPLIED
    flags       CDATA #IMPLIED
    id          CDATA #IMPLIED
    access_mask CDATA #IMPLIED
>

<!-- tid token -->
<!-- future intent: contain one of ipadr | MTUadr | device -->
<!-- NOTE(review): no content model visible in this file references
     the tid element; subject and process carry tid as an attribute. -->
<!ELEMENT tid (ipadr*)>
<!ATTLIST tid
    type CDATA #REQUIRED
>

<!-- ipadr content of tid token: empty element; local-port,
     remote-port and host are required -->
<!ELEMENT ipadr EMPTY>
<!ATTLIST ipadr
    local-port  CDATA #REQUIRED
    remote-port CDATA #REQUIRED
    host        CDATA #REQUIRED
>

<!-- X_atom token: character data, no attributes -->
<!ELEMENT X_atom (#PCDATA)>

<!-- The six tokens below are empty elements whose only attributes are
     the %xinfo; pair (xid and xcreator-uid, both required). -->

<!-- X_color_map token -->
<!ELEMENT X_color_map EMPTY>
<!ATTLIST X_color_map %xinfo;>

<!-- X_cursor token -->
<!ELEMENT X_cursor EMPTY>
<!ATTLIST X_cursor %xinfo;>

<!-- X_font token -->
<!ELEMENT X_font EMPTY>
<!ATTLIST X_font %xinfo;>

<!-- X_graphic_context token -->
<!ELEMENT X_graphic_context EMPTY>
<!ATTLIST X_graphic_context %xinfo;>

<!-- X_pixmap token -->
<!ELEMENT X_pixmap EMPTY>
<!ATTLIST X_pixmap %xinfo;>

<!-- X_window token -->
<!ELEMENT X_window EMPTY>
<!ATTLIST X_window %xinfo;>

<!-- X_property token: character data plus the %xinfo; attributes -->
<!ELEMENT X_property (#PCDATA)>
<!ATTLIST X_property %xinfo;>

<!-- X_client token: character data, no attributes -->
<!ELEMENT X_client (#PCDATA)>

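<!-- X_selection token: exactly one x_sel_text, one x_sel_type and one
     x_sel_data child, in that order, each holding character data.

     The content model previously named xsel_text, xsel_type and
     xsel_data, which this file never declares, so no X_selection
     element could validate.  It now uses the declared x_sel_* names.
     NOTE(review): confirm which spelling the XML producer emits; if it
     writes xsel_*, rename the three element declarations instead. -->
<!ELEMENT X_selection (x_sel_text, x_sel_type, x_sel_data)>
<!ELEMENT x_sel_text (#PCDATA)>
<!ELEMENT x_sel_type (#PCDATA)>
<!ELEMENT x_sel_data (#PCDATA)>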

<!-- zonename token: emitted as an empty zone element whose single
     attribute, name, is required and untyped CDATA -->
<!ELEMENT zone EMPTY>
<!ATTLIST zone
    name CDATA #REQUIRED
>
